{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T04:11:24Z","timestamp":1750306284999,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":22,"publisher":"ACM","license":[{"start":{"date-parts":[[2016,4,4]],"date-time":"2016-04-04T00:00:00Z","timestamp":1459728000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2016,4,4]]},"DOI":"10.1145\/2851613.2851802","type":"proceedings-article","created":{"date-parts":[[2016,6,2]],"date-time":"2016-06-02T19:23:42Z","timestamp":1464895422000},"page":"2087-2094","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":2,"title":["MalFlow"],"prefix":"10.1145","author":[{"given":"Tobias","family":"W\u00fcchner","sequence":"first","affiliation":[{"name":"Technische Universit\u00e4t, M\u00fcnchen"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mart\u00edn","family":"Ochoa","sequence":"additional","affiliation":[{"name":"Singapore University of Technology and Design"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mojdeh","family":"Golagha","sequence":"additional","affiliation":[{"name":"Technische Universit\u00e4t, M\u00fcnchen"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Gaurav","family":"Srivastava","sequence":"additional","affiliation":[{"name":"Technische Universit\u00e4t, M\u00fcnchen"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Thomas","family":"Schreck","sequence":"additional","affiliation":[{"name":"Siemens CERT"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Alexander","family":"Pretschner","sequence":"additional","affiliation":[{"name":"Technische Universit\u00e4t, M\u00fcnchen"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2016,4,4]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/2420950.2420969"},{"key":"e_1_3_2_1_2_1","volume-title":"Balduzzi","author":"Bilge L.","year":"2011","unstructured":"Bilge, L., Kirda, E., Kruegel, C., Balduzzi, M.: Exposure: Finding malicious domains using passive dns analysis. In: NDSS (2011)"},{"key":"e_1_3_2_1_3_1","volume-title":"Yin","author":"Brumley D.","year":"2008","unstructured":"Brumley, D., Hartwig, C., Liang, Z., Newsome, J., Song, D., Yin, H.: Automatically identifying trigger-based behavior in malware. In: Botnet Detection (2008)"},{"key":"e_1_3_2_1_4_1","volume-title":"Blum","author":"Caballero J.","year":"2007","unstructured":"Caballero, J., Venkataraman, S., Poosankam, P., Kang, M. G., Song, D., Blum, A.: Fig: Automatic fingerprint generation. CMU TechReport (2007)"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","unstructured":"Egele M. Scholte T. Kirda E. Kruegel C.: A survey on automated dynamic malware-analysis techniques and tools. CSUR (2012) 10.1145\/2089125.2089126","DOI":"10.1145\/2089125.2089126"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.5555\/1496711.1496721"},{"key":"e_1_3_2_1_7_1","volume-title":"Lee","author":"Gu G.","year":"2008","unstructured":"Gu, G., Zhang, J., Lee, W.: Botsniffer: Detecting botnet command and control channels in network traffic. In: NDSS (2008)"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.5555\/2028067.2028096"},{"key":"e_1_3_2_1_9_1","volume-title":"Yang","author":"Kheir N.","year":"2015","unstructured":"Kheir, N., Blanc, G., Debar, H., Garcia-Alfaro, J., Yang, D.: Automated classification of c&c connections through malware url clustering. In: SEC (2015)"},{"key":"e_1_3_2_1_10_1","volume-title":"Holz","author":"K\u00fchrer M.","year":"2014","unstructured":"K\u00fchrer, M., Rossow, C., Holz, T.: Paint it black: Evaluating the effectiveness of malware blacklists. In: RAID (2014)"},{"key":"e_1_3_2_1_11_1","volume-title":"Gu","author":"Nappa A.","year":"2014","unstructured":"Nappa, A., Xu, Z., Rafique, M. Z., Caballero, J., Gu, G.: Cyberprobe: Towards internet-scale active detection of malicious servers. In: NDSS (2014)"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.5555\/2588191"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-41284-4_8"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/1772690.1772862"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","unstructured":"Wressnegger C. Schwenk G. Arp D. Rieck K.: A close look on n-grams in intrusion detection: anomaly detection vs. classification. In: AISec (2013) 10.1145\/2517312.2517316","DOI":"10.1145\/2517312.2517316"},{"key":"e_1_3_2_1_16_1","volume-title":"Pretschner","author":"W\u00fcchner T.","year":"2014","unstructured":"W\u00fcchner, T., Ochoa, M., Pretschner, A.: Malware detection with quantitative data flow graphs. In: ASIACCS (2014)"},{"key":"e_1_3_2_1_17_1","volume-title":"Pretschner","author":"W\u00fcchner T.","year":"2015","unstructured":"W\u00fcchner, T., Ochoa, M., Pretschner, A.: Robust and effective malware detection through quantitative data flow graph metrics. In: DIMVA (2015)"},{"key":"e_1_3_2_1_18_1","volume-title":"Pretschner","author":"W\u00fcchner T.","year":"2012","unstructured":"W\u00fcchner, T., Pretschner, A.: Data loss prevention based on data-driven usage control. In: ISSRE (2012)"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.5555\/1813084.1813104"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660352"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/1879141.1879148"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/BWCCA.2010.85"}],"event":{"name":"SAC 2016: Symposium on Applied Computing","sponsor":["SIGAPP ACM Special Interest Group on Applied Computing"],"location":"Pisa Italy","acronym":"SAC 2016"},"container-title":["Proceedings of the 31st Annual ACM Symposium on Applied Computing"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2851613.2851802","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2851613.2851802","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T04:38:57Z","timestamp":1750221537000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2851613.2851802"}},"subtitle":["identification of C&C servers through host-based data flow profiling"],"short-title":[],"issued":{"date-parts":[[2016,4,4]]},"references-count":22,"alternative-id":["10.1145\/2851613.2851802","10.1145\/2851613"],"URL":"https:\/\/doi.org\/10.1145\/2851613.2851802","relation":{},"subject":[],"published":{"date-parts":[[2016,4,4]]},"assertion":[{"value":"2016-04-04","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}